
Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?

I have a single installation of java in a system that runs 2 or 3 applications.

All the applications use the same runtime.

Is there a way to specify a different keystore for the CA certs than the one in java_home/jre/lib/security? That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts?

What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.

feniix asked Apr 15 '10 00:04



2 Answers

I think you want to specify the truststore:

java -Djavax.net.ssl.trustStore=/home/gene/mycacerts ...

Or if you are using certs through JSSE (you probably are), you can copy your truststore to jssecacerts in the $JAVA_HOME/jre/lib/security/ directory (although you'd still have to do that each time a JDK got installed/reinstalled). Sun's JSSE looks for $JAVA_HOME/jre/lib/security/jssecacerts before $JAVA_HOME/jre/lib/security/cacerts.

See http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

Gene Gotimer answered Sep 28 '22 16:09


Both of these JVM options are used to locate a custom truststore and its password.

java -Djavax.net.ssl.trustStore=custompath/cacerts -Djavax.net.ssl.trustStorePassword=changeit

In order to make sure which trustStore is being loaded by the application, add the following argument as well:

-Djavax.net.debug=ssl:handshake

rogue lad answered Sep 28 '22 17:09
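
The `javax.net.ssl.trustStore` property in the answers above replaces the default trust store rather than adding to it. The following is an added example, not code from either answer, of loading an "extra" keystore on top of the JRE defaults in application code. The class name `MergedTrustStore`, the method `build` and its parameters are hypothetical; it assumes Java 7 or later, that `javax.net.ssl.trustStore` is not set, and that the extra keystore is in the JVM's default keystore format.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class MergedTrustStore {
    // Hypothetical helper: returns an SSLContext that trusts the JRE's default
    // CAs plus every certificate entry in the keystore at extraPath.
    static SSLContext build(String extraPath, char[] password) throws Exception {
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null); // start from an empty in-memory keystore

        // init((KeyStore) null) makes the factory load the default trust store
        // (jssecacerts if present, otherwise cacerts).
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(alg);
        defaults.init((KeyStore) null);
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    merged.setCertificateEntry("default-" + n++, ca);
                }
            }
        }
        // Add the local CA(s) kept outside JAVA_HOME, so a JDK upgrade leaves them alone.
        KeyStore extra = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(extraPath))) {
            extra.load(in, password);
        }
        for (String alias : Collections.list(extra.aliases())) {
            if (extra.isCertificateEntry(alias)) {
                merged.setCertificateEntry("extra-" + alias, extra.getCertificate(alias));
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Calling `SSLContext.setDefault(MergedTrustStore.build(path, password))` at startup, before the first TLS connection is opened, makes code that relies on the default context use the merged set.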